Setting severity with the set-severity() rewrite function
It is possible to configure the severity field with the set-severity() rewrite function. When configured, the set-severity() rewrite function will only rewrite the $SEVERITY field in the message to the first parameter value specified in the function.
Note
If the parameter value is not a valid parameter value, the function ignores it and sends a debug message, but the AxoSyslog application still sends the message.Declaration
rewrite <name_of_the_rule> {
set-severity("severity string or number");
};
Parameters
The set-severity() rewrite function has a single, mandatory parameter that can be defined as follows:
`set-severity( "parameter1" );`
Accepted values
The set-severity() rewrite function accepts numeric values, named values, and aliases. Aliases are available in AxoSyslog version 4.6 and later.
| Numerical Code | Named Value | Alias |
|---|---|---|
| 0 | emerg | SYSLOG_SEVERITY_CODE(0) |
| 0 | emergency | SYSLOG_SEVERITY_CODE(0) |
| 0 | panic | SYSLOG_SEVERITY_CODE(0) |
| 1 | alert | SYSLOG_SEVERITY_CODE(1) |
| 2 | crit | SYSLOG_SEVERITY_CODE(2) |
| 2 | critical | SYSLOG_SEVERITY_CODE(2) |
| 2 | fatal | SYSLOG_SEVERITY_CODE(2) |
| 3 | err | SYSLOG_SEVERITY_CODE(3) |
| 3 | error | SYSLOG_SEVERITY_CODE(3) |
| 4 | warning | SYSLOG_SEVERITY_CODE(4) |
| 4 | warn | SYSLOG_SEVERITY_CODE(4) |
| 5 | notice | SYSLOG_SEVERITY_CODE(5) |
| 6 | info | SYSLOG_SEVERITY_CODE(6) |
| 6 | log | SYSLOG_SEVERITY_CODE(6) |
| 7 | debug | SYSLOG_SEVERITY_CODE(7) |
Example usage for the set-severity() rewrite function
The following examples can be used in production for the set-severity() rewrite function.
Example using string:
rewrite {
set-severity("info");
};
Example using numeric string:
rewrite {
set-severity("6");
};
Example using template:
rewrite {
set-severity("${.json.severity}");
};
Last modified January 28, 2024: [4.6] Adds aliases to set-severity (8df4f28)